XML 29 R11.htm IDEA: XBRL DOCUMENT v3.22.2
Commitments and Contingencies
 6 Months Ended
Jun. 30, 2022
Commitments and Contingencies Disclosure [Abstract]  
Commitments and Contingencies COMMITMENTS AND CONTINGENCIES
Guarantees
We present the maximum potential amount of our future guarantee fundings and the carrying amount of our liability for our debt service, operating profit, and other guarantees (excluding contingent purchase obligations) for which we are the primary obligor at June 30, 2022 in the following table:
($ in millions)
Guarantee Type
Maximum Potential Amount of Future FundingsRecorded Liability for Guarantees
Debt service$77 $11 
Operating profit174 108 
Other16 
$267 $123 
Our maximum potential guarantees listed in the preceding table include $39 million of guarantees that will not be in effect until the underlying properties open and we begin to operate the properties or certain other events occur.
Contingent Purchase Obligation
Sheraton Grand Chicago. In 2017, we granted the owner a one-time right to require us to purchase the leasehold interest in the land and the hotel for $300 million in cash (the “put option”). In the 2021 third quarter, we entered into an amendment with the owner to move the exercise period of the put option from the 2022 first half to the 2024 first half. If the owner exercises the put option, the closing is expected to occur in the 2024 fourth quarter, and we have the option to purchase, at the same time the put transaction closes, the fee simple interest in the underlying land for an additional $200 million in cash. We account for the put option as a guarantee, and our recorded liability was $300 million at June 30, 2022 and December 31, 2021.
Starwood Data Security Incident
Description of Event
On November 30, 2018, we announced a data security incident involving unauthorized access to the Starwood reservations database (the “Data Security Incident”). Working with leading security experts, we determined that there was unauthorized access to the Starwood network since 2014 and that an unauthorized party had copied information from the Starwood reservations database and taken steps towards removing it. The Starwood reservations database is no longer used for business operations.
Litigation, Claims, and Government Investigations
Following our announcement of the Data Security Incident, approximately 100 lawsuits were filed by consumers and others against us in U.S. federal, U.S. state and Canadian courts related to the incident. The plaintiffs in the cases that remain pending, who generally purport to represent various classes of consumers, generally claim to have been harmed by alleged actions and/or omissions by the Company in connection with the Data Security Incident and assert a variety of common law and statutory claims seeking monetary damages, injunctive relief, costs and attorneys’ fees, and other related relief. The active U.S. cases are consolidated in the U.S. District Court for the District of Maryland, pursuant to orders of the U.S. Judicial Panel on Multidistrict Litigation (the “MDL”). On May 3, 2022, the U.S. District Court for the District of Maryland granted in part and denied in part class certification of various U.S. groups of consumers. We appealed the District Court’s decision, and on July 14, 2022, the U.S. Court of Appeals for the Fourth Circuit granted our petition to appeal. The Canadian cases have effectively been consolidated into a single case in the province of Ontario. We dispute the allegations in these lawsuits and are vigorously defending against such claims.
On August 18, 2020, a purported representative action was brought against us in the High Court of Justice for England and Wales on behalf of an alleged claimant class of English and Welsh residents alleging breaches of the General Data Protection Regulation and/or the U.K. Data Protection Act 2018 in connection with the Data Security Incident. The plaintiffs informed us that they have decided not to pursue this case and the case was discontinued in May 2022.
In addition, numerous U.S. federal, U.S. state and foreign governmental authorities made inquiries, opened investigations, or requested information and/or documents related to the Data Security Incident and related matters. Although some of these matters have been resolved or no longer appear to be active, some remain open. We are in discussions with the Attorney General offices from 49 states and the District of Columbia, the Federal Trade Commission, and regulatory authorities in Canada and Australia to resolve their investigations and requests.
While we believe it is reasonably possible that we may incur additional losses associated with the above described MDL proceedings and regulatory investigations related to the Data Security Incident, it is not possible to reasonably estimate the amount of loss or range of loss, if any, in excess of the amounts already incurred that might result from adverse judgments, settlements, fines, penalties or other resolution of these proceedings and investigations based on: (i) in the case of the above described MDL proceedings, the current stage of these proceedings, the absence of specific allegations as to alleged damages, the uncertainty as to the certification of a class or classes and the size of any certified class, and the lack of resolution of significant factual and legal issues; and (ii) in the case of the above described regulatory investigations, the lack of resolution of significant factual and legal issues in our discussions with the Federal Trade Commission and the state Attorneys General.